syzbot


possible deadlock in hfs_find_init

Status: upstream: reported C repro on 2023/03/22 23:14
Bug presence: origin:upstream
[Documentation on labels]
Reported-by: syzbot+5ec6d29e9352c6f10dc7@syzkaller.appspotmail.com
First crash: 182d, last: 60d
Bug presence (1)
Date Name Commit Repro Result
2023/06/19 upstream (ToT) 45a3e24f65e9 C [report] possible deadlock in hfs_find_init
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 possible deadlock in hfs_find_init hfs C 1 205d 237d 0/1 upstream: reported C repro on 2023/01/26 19:14
linux-4.19 possible deadlock in hfs_find_init hfs C error 7 199d 265d 0/1 upstream: reported C repro on 2022/12/30 06:08
upstream possible deadlock in hfs_find_init (2) hfs C error 89 4d23h 268d 0/25 upstream: reported C repro on 2022/12/27 00:59
linux-6.1 possible deadlock in hfs_find_init origin:upstream C 15 5d12h 184d 0/3 upstream: reported C repro on 2023/03/20 17:38
upstream possible deadlock in hfs_find_init hfs C done error 1 986d 1977d 22/25 fixed on 2021/11/10 00:50

Sample crash report:
loop0: detected capacity change from 0 to 64
============================================
WARNING: possible recursive locking detected
5.15.117-syzkaller #0 Not tainted
--------------------------------------------
syz-executor280/3960 is trying to acquire lock:
ffff0000c94000b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x148/0x1c8

but task is already holding lock:
ffff0000c94000b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x148/0x1c8

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&tree->tree_lock/1);
  lock(&tree->tree_lock/1);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

5 locks held by syz-executor280/3960:
 #0: ffff0000c1ee6460 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x228/0xb3c fs/read_write.c:590
 #1: ffff0000c2269628 (&sb->s_type->i_mutex_key#17){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
 #1: ffff0000c2269628 (&sb->s_type->i_mutex_key#17){+.+.}-{3:3}, at: generic_file_write_iter+0x84/0x1b8 mm/filemap.c:3932
 #2: ffff0000c2269478 (&HFS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xe4/0x10e4 fs/hfs/extent.c:397
 #3: ffff0000c94000b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x148/0x1c8
 #4: ffff0000c22680f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xe4/0x10e4 fs/hfs/extent.c:397

stack backtrace:
CPU: 0 PID: 3960 Comm: syz-executor280 Not tainted 5.15.117-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 __lock_acquire+0x62b4/0x7620 kernel/locking/lockdep.c:5011
 lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
 __mutex_lock_common+0x194/0x2154 kernel/locking/mutex.c:596
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0xa4/0xf8 kernel/locking/mutex.c:743
 hfs_find_init+0x148/0x1c8
 hfs_ext_read_extent fs/hfs/extent.c:200 [inline]
 hfs_extend_file+0x24c/0x10e4 fs/hfs/extent.c:401
 hfs_bmap_reserve+0xd0/0x3b4 fs/hfs/btree.c:231
 __hfs_ext_write_extent+0x1a0/0x468 fs/hfs/extent.c:121
 __hfs_ext_cache_extent+0x84/0x754 fs/hfs/extent.c:174
 hfs_ext_read_extent fs/hfs/extent.c:202 [inline]
 hfs_extend_file+0x278/0x10e4 fs/hfs/extent.c:401
 hfs_get_block+0x3ac/0x9fc fs/hfs/extent.c:353
 __block_write_begin_int+0x3ec/0x1608 fs/buffer.c:2012
 __block_write_begin fs/buffer.c:2062 [inline]
 block_write_begin fs/buffer.c:2122 [inline]
 cont_write_begin+0x538/0x710 fs/buffer.c:2471
 hfs_write_begin+0xa8/0xf8 fs/hfs/inode.c:59
 generic_perform_write+0x24c/0x520 mm/filemap.c:3776
 __generic_file_write_iter+0x230/0x454 mm/filemap.c:3903
 generic_file_write_iter+0xb4/0x1b8 mm/filemap.c:3935
 call_write_iter include/linux/fs.h:2103 [inline]
 new_sync_write fs/read_write.c:507 [inline]
 vfs_write+0x87c/0xb3c fs/read_write.c:594
 ksys_write+0x15c/0x26c fs/read_write.c:647
 __do_sys_write fs/read_write.c:659 [inline]
 __se_sys_write fs/read_write.c:656 [inline]
 __arm64_sys_write+0x7c/0x90 fs/read_write.c:656
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/06/17 03:50 linux-5.15.y 471e639e59d1 f3921d4d .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 possible deadlock in hfs_find_init
2023/07/23 02:21 linux-5.15.y d54cfc420586 27cbe77f .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan possible deadlock in hfs_find_init
2023/06/15 12:29 linux-5.15.y 471e639e59d1 90d4044e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in hfs_find_init
2023/07/07 17:47 linux-5.15.y d54cfc420586 668cb1fa .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hfs_find_init
2023/04/28 19:58 linux-5.15.y f48aeeaaa64c 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hfs_find_init
2023/04/19 22:01 linux-5.15.y 4fdad925aa1a a219f34e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hfs_find_init
2023/03/22 23:13 linux-5.15.y 115472395b0a f94b4a29 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hfs_find_init
* Struck through repros no longer work on HEAD.